Nmap Development mailing list archives

Re: [RFC] Default NSE Scripts


From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 20 May 2008 17:02:52 -0500

Kris Katterjohn wrote:
> Fyodor wrote:
>> On Fri, May 16, 2008 at 05:00:53PM -0500, Kris Katterjohn wrote:
>>> * ircServerInfo - I don't think this is default material (but I'm also
>>>   not an IRC user)
>> Well, it only runs if an IRC port is open and it then does discovery
>> for server information.  I'd suggest including it unless people think
>> the output is too verbose or not useful enough.
>
> Running against irc.efnet.org gives me:
>
> 6666/tcp open  irc     syn-ack
> |  IRC Server Info: Server: irc.blessed.net
> |  Version: ircd-ratbox-3.0.0beta3(20080423_3-25265). irc.blessed.net
> |  Servers/Ops/Chans/Users: 61/406/27994/59199
> |  Lservers/Lusers: 1/1360
> |  Uptime: 13 days, 6:41:47
> |  Source host: adsl-074-182-015-130.sip.jan.bellsouth.net
> |_ Source ident: NONE or BLOCKED
>
> Which is quite verbose.  It too could be fixed up with nmap.verbosity(),
> but I don't want to mess with it because I don't know what would be
> interesting enough for IRC users :)


Does anybody else have an opinion on this one, or care to redo it with
nmap.verbosity()?

IIRC this script and SMTPcommands are the only outstanding scripts, and
Jason is already working on the latter.

Sorry, but once again I'll post up the whole current list :) Aside from
the two aforementioned scripts, are there any problems below?

Default:

* anonFTP
* dns-test-open-recursion
* finger
* ftpbounce
* HTTPAuth
* HTTP_open_proxy
* MSSQLm
* MySQLinfo
* nbstat
* RealVNC_auth_bypass
* robots
* rpcinfo
* showHTMLtitle
* showOwner
* SNMPsysdesr
* SSHv1-support
* SSLv2-support
* UPnP-info
* zoneTrans

Non-Default:

* bruteTelnet - Too intrusive and slow
* chargenTest - Obscure / "demo"
* daytimeTest - Obscure / "demo"
* echoTest - Obscure / "demo"
* HTTPpasswd - A bit too intrusive and probably not useful enough
* HTTPtrace - Not default material
* iax2Detect - "version"
* ircServerInfo - Should be redone with nmap.verbosity() ?
* ircZombieTest - "malware"
* kibuvDetection - "malware"
* netbios-smb-os-detection - I want this to be default, but it's "version"
* PPTPversion - "version"
* promiscuous - I don't think it's useful enough
* ripeQuery - Abusive to RIPE
* showHTTPversion - Obscure / only category is ""
* showSMTPVersion - Obscure / "demo"
* showSSHVersion - Obscure / "demo"
* skype_v2-version - "version"
* SMTPcommands - Jason is handling it with nmap.verbosity()
* SMTP_openrelay_test - "demo" because of "real hostname" issue
* SQLInject - Obvious reasons  :)
* strangeSMTPport - Obscure / "backdoor"
* xamppDefaultPass - "vulnerability"


Thanks,
Kris Katterjohn
